03-13-2011 04:21 PM
I’ve been using a Cisco ASA 5505 Security Plus bundle for two years now without any problems. I recently changed my ISP to Verizon FiOS (which is providing me with 25 Mb bandwidth at a fraction of the cost of my old T1) which is set up to provide 5 Static externally facing IP numbers for my email, webserver and name servers. The problem is the Verizon router doesn’t support my use of the ASA Appliance. Verizon recommended I purchase a business class router and use it in place of the one provided with my installation. Verizon assures me that this will work so I bought a Cisco RVS4000. I have configured it to use the primary external IP number and have internet access; however, the new router is providing NAT addressing which the ASA is in conflict with (they are both using the same NAT IP range). I'm assuming the ASA 5505 is expecting to have access to the external IP address and NOT NAT address (at least that is how I have had it configured so far). I have to admit I don’t know a lot about networking and am hoping someone can tell me how to configure the new router to provide access to the five static external “real world” IP to my Cisco ASA Firewall. I’m assuming I may need to establish another VLAN and/or do some form of bridging but I’m in over my head at this point.
Worst case I can go back to using the router that came with my new line (and has a built in firewall); but I would much rather keep using my ASA 5505 if at all possible.
Any assistance will be greatly appreciated!
Wolf
03-14-2011 11:53 AM
Hi Wolf,
I think that the feature you are looking for is One-to-one NAT. Unfortunately this is not a feature of the RVS4000. The RV0xx series (RV016, RV042, RV082) support One-to-one NAT. See the following post for further details:
https://www.myciscocommunity.com/thread/5596;jsessionid=11A770A95DB9525BAE2D668DA569CD39.node0
03-14-2011 04:10 PM
Thanks for the response. While this might do what I'm looking for, what I really think I'm trying to do is disable NAT altogether and have the RVS4000 route my 5 external IP to my Firewall. When I had my previous broadband provider the router was providing the real world IP to my internal network so that if I wanted to (which I didn't because it was a huge security risk) I could have had my servers running actual IP numbers rather than NAT IP. Thus my ASA 5505 had access to the real IP and the firewall provided all my internal NAT (including my DMZ which was logically separated from the rest of my internal network). Is this something my RVS4000 can do?
Thanks again for replying!
03-14-2011 04:31 PM
Wolf,
I suspect that your T1 provider had you connected to an enterprise router for the capabilities that you had. The closest you will get with a Small Business router is One-to-one NAT, which as I stated previously the RVS4000 does not have. Why not connect the ASA 5505 directly to the ISP and forget about the second router?
03-16-2011 03:43 AM
03-16-2011 11:32 AM
Wolf,
It sounds like you just need a little configuration assistance with the ASA 5505. Try posting your question here:
https://supportforums.cisco.com/community/netpro/security/firewall
If this helps you, please give us an update for future reference.